For Linnea Solem, CEO and Founder of Solem Risk Partners, LLC, the starting point towards becoming a successful entrepreneur is doing work that one is passionate about. “If you focus on work that energizes you, it won’t feel like work! I think starting a business requires a level of risk-taking but being able to adapt to change is a critical success factor,” she adds. “I’m a driver and focus on delivering results but I balance that with strong business acumen.” For Linnea, strategic thinking is all about seeing the linkages, synergies, and implications of internal/external events and combining that with actionable recommendations. She got involved in Data Privacy back in 1997 – before many of the privacy laws even required formal oversight for third-party vendors. “However, I don’t take an academic approach to privacy risk management. I’ve had to integrate privacy, risk, and compliance into very regulated products and services, and I love the collaboration with the business to help overcome what seemed to be a roadblock. Good privacy practices can enable trust which makes it good for business,” she says.
Linnea spent roughly 30 years in the corporate world, including twenty years working directly with the C-Suite in many risk-focused roles. During those tenures, she built out many programs to address risk and compliance obligations. “What I realized is that at this point in my career I liked the advisory and building roles more than day-to-day management. The risk, privacy, and governance landscape is changing quickly, and requires a depth of knowledge to assess how these changes can impact a company,” she adds. “My goal is to help companies navigate the risk landscape with confidence by providing guidance on how to structure an approach that works within their own operations.”
To Linnea, it is all about the basics: privacy programs are based on foundational privacy principles. While regulations are complex and require strong interpretation, the building blocks are the same. The more regulated the data and the more regulated the company, the stronger the expectation is for governance. Using a privacy maturity model is a way to help “right size” the approach, as long as one starts from a common framework. “The key is to not over-engineer the approach. You inspect what you expect. Understand the stakeholders and what information they need to gain confidence,” says Linnea. “I like to start from the outside in – and understand if there are external expectations from auditors, regulators, and what type of assurance is required to address the requirements.” She adds that risk management is not just about potential impact; it is about likelihood. A key part of a risk assessment is having a good process to evaluate the control, quantify the risk, and consider any mitigating factors to determine the level of risk oversight that’s needed.
In one instance, an international payments company that was a service provider or data processor needed to address GDPR quickly. The company had just been spun off from its U.S. parent company, so it no longer had access to dedicated risk and privacy resources. “I broke the initiative down into its component parts – by simplifying the structure of the project into terms that fit with their business, so the ‘project work’ felt more like process improvement in their daily operations,” explains Linnea. “I call it my ‘The What’s’, the ‘So What’s’ and the ‘Now What’s’ approach. Help the organization understand WHAT has changed. Then help the organization identify the next steps to take action.”
According to Linnea, 2020 has changed everyone’s perspective in numerous ways. Organizations are working differently and don’t see a return to the same office culture. “I think that the use of outside resources to act in a virtual capacity will become more commonplace. Covid-19 has exposed many risks in the supply chain, and I see organizations needing to establish more formal risk committees to help manage risk,” says Linnea. “Virtual CISOs are common, and I think Virtual Chief Privacy Officer, Virtual Risk Officers, Virtual M&A consultant, will become more common methods to help organizations establish the right governance they need to adapt to these challenging times.”
CEO and Founder of Solem Risk Partners LLC
Solem Risk Partners LLC is a management consulting and advisory services company focused on Third Party Risk Governance, Privacy Program Management, and Enterprise Risk Management. Its primary focus is managing compliance in regulated industries for third-party service provider relationships. The firm has significant experience working with internal and external organizations on governance, privacy, security, and compliance. Advisory services may include strategy, risk assessments, training/education, white papers, workshops, and consulting.